
Fraud follows opportunity and attacks weakness. Know where you are vulnerable and how to take control.

Introduction

[Figure: Increase in the levels of scrutiny by regulators and government. 58% of respondents have increased their focus on fraud risk management, appearing in the form of a documented fraud policy, increased employee communication and enhanced fraud risk monitoring.]

Having a reputation for integrity is crucial to safeguarding market confidence and public trust. Unfortunately, fraud and misconduct can seriously undermine such efforts, exposing an organisation to legal, regulatory, or reputational damage. That is why experienced business leaders work to ensure that they have an effective approach to mitigating these risks. This is especially important in an environment marked by intense scrutiny and rising enforcement.

The area of fraud risk management is increasingly attracting mainstream attention as various stakeholders have begun to comprehend the negative effects of uncontained risk. That 58 percent of respondents to Deloitte's (UK/LLP) 2012 report on The Internal Audit Fraud Challenge said that the new regulatory environment has led them to an increased focus on fraud risk management is definitely a positive sign. A strong anti-fraud stance and a proactive, comprehensive approach to combating fraud are now gradually becoming a prerequisite, and any organisation that fails to protect itself appropriately faces increased vulnerability to fraud.

Deloitte's Fraud Risk Management Services

We are accustomed to working with clients in a variety of situations, particularly when the level of scrutiny is high and the margin for error is low. Examples include when:

- Your company experiences a problem and you want to take steps to reduce the likelihood of recurrence
- Your industry is under scrutiny and you need to assess that your programs and controls can meet stakeholder expectations
- Your board needs to demonstrate performance of its fiduciary duty to evaluate periodically whether your compliance program is designed and operating effectively
- Your internal audit or compliance functions would benefit from heightened levels of objectivity or specialization in assessing your program
- Your employees and third-party agents are operating in environments with added pressures and opportunities to commit fraud or other illegal acts to meet targets
- Your budget owners need to identify and cut unnecessary costs associated with occupational theft, waste, and abuse
- Your management team needs to identify fraud and misconduct risks when performing due diligence on acquisition targets or business partners
- Your company needs to adopt more formalized governance mechanisms and antifraud controls as part of an initial public offering

Robust fraud risk management thus requires more than just ensuring an effective system of internal controls. It also requires clearly defined and implemented actions designed to reduce fraud risk and an ongoing assessment of the effectiveness of the organisation's approach to managing the business risk of fraud.

A 360° approach to fraud risk management: The anti-fraud controls roadmap

Continuous Improvement: Diagnose, Detect and Respond

Steps:

- Diagnose vulnerability to fraud
- Detect gaps in anti-fraud controls
- Recommend mitigating antifraud controls
- Continuous or periodic monitoring
- Develop fraud response plan
- Investigate cases of alleged fraud

Generally include:

- Evaluate the current status and effectiveness of the organisation's anti-fraud control environment. This involves assessing the culture, attitude, and awareness amongst employees about their knowledge of and response to any issues of fraud or misconduct
- Evaluate management's existing fraud risk management framework to detect potential gaps of antifraud controls in the processes
- Establish fraud risk profiles by analysis and ranking of fraud risks (as high/medium/low) against existing anti-fraud controls
- Recommend enhancement of existing controls or mitigating antifraud controls for implementation, based on antifraud control gaps detected
- Enable continuous monitoring of controls using technology; and/or
- Perform forensic data analytics of transactions periodically at the process level to alert management of fraud signals
- Develop a fraud response plan to address cases of alleged or confirmed fraud
- Investigate cases of alleged or confirmed fraud
- Assist in the investigation of cases of alleged or confirmed fraud within the organisation
- Incorporate identified fraud risks and schemes into the fraud risk management framework based on findings from investigation

Tools:

- Employees Ethics Survey (DIAGNOSE)
- Fraud Risk Management Tool (DETECT)
- Recommend mitigating anti-fraud controls (RESPOND)
- Forensic data analytics (DETECT)
- Develop Fraud Response Plan (RESPOND)
- Investigate cases of alleged fraud (RESPOND)

To think we know and understand all risks around us is misleading, to think we can manage all of them if they hit us is an illusion, and to turn a blind eye to them is sheer foolishness.

I. Comprehensive evaluation of anti-fraud programs and controls, ethics and compliance program

Organisations need to realize the growing importance of addressing and controlling the risk of fraud in a comprehensive and integrated manner, which would in turn benefit them in a number of ways.

Evaluating anti-fraud programs, controls, ethical conduct and compliance with policies and procedures in the business process by assessing its vulnerability to fraud is the foundation on which effective anti-fraud processes are built.

- Does the management conduct, document and update a fraud vulnerability assessment periodically (typically annually)?
- Can the management explain key fraud risks that may affect the company's brand, reputation and assets?

Deloitte assists organisations in conducting a comprehensive periodic evaluation of anti-fraud controls with the help of fraud risk management tools that are tailored to an organisation's processes and specific industry and that help check the adequacy of your existing anti-fraud programs and controls.

[Figure: A 360° approach to anti-fraud control measures]

1. Know exposure to fraud risks or vulnerabilities
2. Detect the gaps in the existing fraud prevention and detection control measures
3. Recommend remediation measures and tools to implement. Treat the fraud signals.
4. Investigate the signals/cases of confirmed and alleged fraud

Lack of effective corporate governance seriously undermines any fraud risk management programme. Only meticulous and ongoing effort can protect an organisation against significant acts of fraud.

II. Fraud vulnerability diagnostic tool: A web-enabled employee ethics and fraud awareness survey tool

Deloitte's web-enabled fraud and ethics survey tool assesses an organisation's ethical culture, the attitude of its employees towards fraud, the awareness of fraud-related policies and procedures, and employees' willingness to report fraud and other serious misconduct. The web-enabled survey can also provide employees a chance to offer their suggestions to improve the control environment.

This survey gathers anonymous feedback from employees and management by guiding them through a series of questions covering key areas such as:

- Awareness of policies and communication
- Organizational culture and code of conduct
- Raising a concern about fraud and misconduct
- Fraud risk management assessment
- Conflicts of interest
- Areas of improvement

The process also includes the analysis and production of an interpreted report of findings that includes identification of key issues, practical recommendations, and suggested steps.

III. Employee fraud awareness training(s): Essential element of fraud control

Making employees aware of their obligations concerning fraud and misconduct controls begins with practical communication and training. Like any other compliance effort, effective fraud control means educating your employees to understand the critical role they play in preventing, detecting and deterring fraud.

Your organisation's philosophy and expectations in relation to fraud control and ethical behavior should be planned, prioritized and clearly communicated. Employees at all levels need to be aware of antifraud activities, have a clear understanding of what is expected of them, know that the organisation takes the threat of fraud seriously, and know where to seek assistance and advice.

In formulating a training and communications plan, management should consider developing fraud and misconduct awareness initiatives that are:

- Comprehensive and based upon job functions and risk areas
- Integrated with other training efforts, whenever possible
- Effective in a variety of settings, using multiple methods and techniques
- Regular and frequent, covering the relevant employee population

Deloitte has experienced fraud training facilitators who can assist you by designing and delivering fraud awareness training tailored to the specific needs of your organisation. The issues generally covered are:

- Organizational expectations and obligations
- Relevant codes and policies
- Understanding the concept of fraud and the fraud triangle
- How to prevent fraud and the benefits of doing so
- Unearthing typical fraud indicators or red flags
- Recognizing conflicts of interest and taking steps to resolve them
- Reporting fraud and seeking assistance

IV. Tip-offs Anonymous: Deloitte's whistleblowing service

An important way to encourage accountability and transparency within an organisation is a mechanism that enables all individuals to voice concerns internally in a responsible and effective manner when they discover information which they believe shows serious malpractice.

Implementing an employee whistleblowing hotline gives your employees a voice to confidentially report workplace concerns and enables you to identify and rectify problems before they damage your business, reputation and employee morale.

Companies are also slowly beginning to realize the importance of integrating a whistleblower service or independent helpline as part of the fraud risk management strategy. Additionally, it has proved to be one of the most effective ways to detect fraud (as per the ACFE 2014 Global Fraud Study) [1].

Deloitte's Tip-offs Anonymous is a whistleblowing facility that gives callers the opportunity to raise a concern regarding an incident of wrongdoing, fraud or unethical behaviour within the workplace, and report it to an independent party.

What does it entail?

- 24/7 operation
- Telephone, email, web, fax, text
- Over 16 languages supported
- Support with Ethics, Whistle-blowing, Fraud or Governance Policies
- Effective communication and awareness campaigns
- Privacy compliant
- Compliance with whistle-blower legislation
- Complete information security

V. Forensic data analytics tool: Leveraging technology to proactively detect, prevent and control fraud

Data assessment and continuous analysis

Deloitte's DTect™, a proprietary forensic data analytics tool, can profile and analyse financial and non-financial data across various areas and disparate systems to find anomalous relationships, transactions or unusual patterns, such as duplicate supplier invoicing, ghost employees, altered payees, etc.

This rigorous analysis can help organisations identify fraudulent activity; prioritize case management and investigation; and improve the false positive rate of a detection and prevention strategy.

Deloitte's forensic data analytics tool enables us to analyze data to help answer some of the following:

- What happened?
- Where did it happen?
- How many times did it happen?
- What is the volume / value involved?
- What rules or thresholds have been breached?
- Are there any non-compliance issues with contracts and anti-fraud control gaps in processes?

This analytical tool can be used to detect various fraudulent issues and raise red flags by performing tests that can identify and isolate suspicious transactions within the vast data fields that hum away in the course of everyday business.

Deloitte makes use of DTect to interrogate data across the business, based on which electronic data analysis is conducted and specific fraud risk management issues are investigated. This therefore acts as a comprehensive Health Check for your business or for detecting anomalies and potential fraud in your business processes or functions.

An effective fraud risk management framework will enable organisations to have controls that first prevent fraud from occurring, detect a fraud as soon as it happens and respond effectively to fraud incidents when they occur.

[1] The Association of Certified Fraud Examiners (ACFE) report is based on data compiled from a study of 1,483 cases of occupational fraud that occurred and were reported by the Certified Fraud Examiners (CFEs) who investigated them. These offenses occurred in nearly 100 countries across six continents, thus providing a view into the global nature of occupational fraud.

VI. Develop a Fraud Response Management Plan

- Has the company developed a fraud response management plan to react to the allegations of major fraud or corruption?
- Does that plan include assigned responsibilities for management and advisers to help drive actions and communications that will sustain confidence?

It is critical for an organisation to develop fraud response strategies, which would help in minimizing the impact of frauds that occur, or are discovered, and come to the attention of the company, authorities and other interested parties.

Deloitte assists organisations in setting up an effective Fraud Response Management program / plan that is designed to allow the organisation to react to various types of fraud and misconduct allegations in a measured and consistent manner. These plans can be valuable in implementing a robust response to allegations under severe time pressure and intense scrutiny from the media, regulators, investors, and law enforcement. The overarching goal of a fraud response program is to protect the organisation from the economic, reputational and legal risks associated with the fraud allegation.

One of the elements also included in a substantive fraud response strategy is the capability to conduct sound investigations. Additionally, pre-determining investigative resources and protocols can accelerate the pace of an investigation and also help reduce the risk of ineffective investigations.

We believe that most organisations could benefit from incorporating leading practices into their investigative response plans, including:

- Establishing and documenting fraud investigation protocols
- Identifying fraud investigation resources, especially global response teams, before the occurrence of a crisis
- Implementing a case management system to track and log the resolution of fraud allegations
- Implementing processes and control improvements enterprise-wide to gain efficiencies and prevent recurrences

Conclusion: Responding to the business risk of fraud

Given below is a pragmatic approach to the top focus areas of fraud prevention and detection strategies within a fraud risk management programme that can help provide the board of directors and the senior management with actionable results.

[Figure: focus areas grouped under Culture, Data and Technology, and Controls]

- Web-based survey to understand ethical culture
- Fraud awareness training
- Conduct whistleblowing system assessments and benchmarking
- Forensic data analytics to identify transaction anomalies and unusual patterns
- Computer Forensics
- Fraud vulnerability diagnostic (FRM tools used to evaluate anti-fraud controls)
- Business Intelligence services
- Corporate Fraud Investigation

Make fraud risk management strategy a priority.
Have a discussion about the organisation's fraud risk management strategy that involves senior management, the board of directors and audit committee to garner top-level support. Build a cross-departmental fraud risk management committee. Talk about fraud risks and how organisations can benefit by enhancing their fraud risk management capabilities, and share examples of fraud schemes in the news or from the organisation's past experiences; effective risk management comes with openness and awareness.

Plan and execute a fraud risk management programme.
Establish clear roles, responsibilities and accountability for fraud risk management. Set goals and timelines and measure the progress in implementing improvements. Put an annual process in place to update the fraud risk management plan and re-evaluate the fraud risk management strategy based on changes in the business and risk environment.

Perform an anti-fraud control gap analysis.
Compare the organisation's fraud risk management practices with leading global practices using appropriate fraud risk management tools. This will help make the organisation's anti-fraud controls robust and help it stay one step ahead of the fraudster. Identify the missing elements and determine priorities for how anti-fraud control gaps, if any, should be addressed. For those practices which the organisation already has in place, use the recommended leading practices to help uncover further performance improvement opportunities. Using the fraud risk management tool, which also provides a risk rating system (based on evaluation of business processes vis-à-vis their fraud vulnerability and its impact), proves to be an efficient and effective way to periodically evaluate the robustness of anti-fraud control measures.

Fraud risk management is not a one-time exercise but a continuous process. As businesses change and grow, so do their fraud risks. We therefore recommend a continuous improvement approach to the fraud risk management strategy that requires regular measurement of where the business is and where it wants to be in terms of effectively preventing, detecting, and deterring fraud. We call this approach the Diagnose, Detect and Respond Strategy.

What sets us apart?

Presence & Infrastructure
Deloitte has significant geographic presence in India, with offices in 13 locations including Bengaluru, Chennai, Hyderabad, Kolkata, Mumbai and New Delhi. We have a highly developed infrastructure that has more than ten years of maturity.

Expertise and Experience
We have a highly talented and globally competitive workforce, offering experience and expertise in a wide range of services. Professionals in our Forensic & Dispute Services practices have worked on some of the largest and most complex investigations of fraud and corruption within India and globally. Our team has assisted clients on a number of anti-bribery engagements that include anti-bribery due diligence, compliance reviews and investigations.

Robust Tools, Flexibility and Scalability
Our key differentiator is the use of robust tools in all our various forensic engagements, from preventive services like the fraud risk management assessment to reactive services like investigations. This results in efficient and effective delivery of engagements, which in turn benefits our clients with outputs substantially exceeding their expectations. We have the flexibility and scalability to quickly ramp up to support large projects at short notice. We are able to staff projects both virtually and on-site.

Proven Global Delivery Model
Deloitte has a proven global delivery model, working seamlessly across time zones and cultures to deliver high quality work on time. Depending on engagement requirements, we adjust our timetables to meet client requirements.

Technology
Deloitte operates one of the largest electronic discovery labs in Asia (and the largest in India), utilizing advanced technology to collect, process, host, and analyze electronically stored information (emails, user files, metadata, etc.) in support of forensic investigations.

Timely detection of fraud incidents will go a long way in containing the losses and improving the chances of recovery. It is now time for organisations to revise their current fraud risk management strategies so that they are in line with current fraud trends, are adequate to take care of future growth, and increase the ways of detecting frauds proactively.

Our key team leaders in India and their contact details are:

Rohit Mahajan
National Leader & Senior Director, Forensic Services
Deloitte Touche Tohmatsu India Pvt. Ltd.
Tel:

Veena Sharma
Director, Forensic Services
Deloitte Touche Tohmatsu India Pvt. Ltd.
Tel:

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.

This material and the information contained herein prepared by Deloitte Touche Tohmatsu India Private Limited (DTTIPL) is intended to provide general information on a particular subject or subjects and is not an exhaustive treatment of such subject(s). None of DTTIPL, Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively, the "Deloitte Network") is, by means of this material, rendering professional advice or services. The information is not intended to be relied upon as the sole basis for any decision which may affect you or your business. Before making any decision or taking any action that might affect your personal finances or business, you should consult a qualified professional adviser. No entity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any person who relies on this material.

Deloitte Touche Tohmatsu India Private Limited. Member of Deloitte Touche Tohmatsu Limited
